Abstract. The problem of finding a nontrivial factor of a polynomial $f(x)$ over a finite field $\mathbb{F}_q$ has many known efficient, but randomized, algorithms. The deterministic complexity of this problem is a famous open question even assuming the generalized Riemann hypothesis (GRH). In this work we improve the state of the art by focusing on prime degree polynomials; let $n$ be the degree. If $(n-1)$ has a 'large' $r$-smooth divisor $s$, then we find a nontrivial factor of $f(x)$ in deterministic $\mathrm{poly}(n^r, \log q)$ time, assuming GRH and that $s = \Omega(\sqrt{n/2^r})$. Thus, for $r = O(1)$ our algorithm is polynomial time. Further, for $r = \Omega(\log\log n)$ there are infinitely many prime degrees $n$ for which our algorithm is applicable and better than the best known, assuming GRH.

Our methods build on the algebraic-combinatorial framework of $m$-schemes initiated by Ivanyos, Karpinski and Saxena (ISSAC 2009). We show that the $m$-scheme on $n$ points, implicitly appearing in our factoring algorithm, has an exceptional structure, leading us to the improved time complexity. Our structure theorem proves the existence of small intersection numbers in any association scheme that has many relations, and roughly equal valencies and indistinguishing numbers.



ARORA, IVANYOS, KARPINSKI, AND SAXENA

2000 Mathematics Subject Classification. 12Y05, 05E30, 05E10, 03D15, 68W30.
Key words and phrases. algebra decomposition, association scheme, cyclotomic scheme, finite field, GRH, Linnik, matching, polynomial factoring, representation theory, smooth number, tensor.

Contents

1. Introduction
2. Preliminaries: m-schemes
3. Preliminaries: The IKS-algorithm
4. Factoring prime degree polynomials
5. Number theory considerations
6. Conclusion
Acknowledgements
References

1. Introduction

We consider the classical problem of finding a nontrivial factor of a given polynomial over a finite field. There exist various randomized polynomial time algorithms for this problem, such as Berlekamp [Ber67], Rabin [Rab80], Cantor & Zassenhaus [CZ81], von zur Gathen & Shoup [vzGS92], Kaltofen & Shoup [KS98], and Kedlaya & Umans [KU11], but its deterministic time complexity is a longstanding open problem. It pertains to the general derandomization question in computational complexity theory, i.e. whether any problem solvable in probabilistic polynomial time can also be solved in deterministic polynomial time.

In this paper, we consider the deterministic time complexity of the problem of polynomial factoring over finite fields assuming the generalized Riemann hypothesis (GRH) (Section 3.1). GRH enables us to find primitive $r$-th nonresidues in a finite field $\mathbb{F}_q$, which are in turn used to find a root $x$ (if it exists in $\mathbb{F}_q$) of polynomials of the type $x^r - a$ over $\mathbb{F}_q$ [AMM77]. Assuming GRH, there are many deterministic factoring algorithms known, but all of them are super-polynomial time except on special input instances: Rónyai [Rón92] showed that under GRH, any polynomial $f(x) \in \mathbb{Z}[x]$ can be factored modulo $p$ deterministically in time polynomial in the order of the Galois group of $f(x)$, except for finitely many primes $p$. Rónyai's result generalizes previous work by Huang [Hua91], Evdokimov [Evd89], and Adleman, Manders & Miller [AMM77]. Bach, von zur Gathen & Lenstra [BvzGL01] showed that polynomials over finite fields of characteristic $p$ can be factored in deterministic polynomial time if $\Phi_k(p)$ is smooth for some integer $k$, where $\Phi_k$ is the $k$-th cyclotomic polynomial. This result generalizes previous work by Rónyai [Rón89], Mignotte & Schnorr [MS88], von zur Gathen [vzG87], Camion [Cam83], and Moenck [Moe77].

The line of research which interests us was started by Rónyai [Rón88]. He used GRH to find a nontrivial factor of a polynomial $f(x) \in \mathbb{F}_q[x]$, where $n = \deg f$ has a small prime factor, in deterministic polynomial time. Rónyai's framework relies on the discovery that finding a nontrivial automorphism in certain algebras (such as $A := \mathbb{F}_q[x]/f(x)$ and its tensor powers) yields an efficient decomposition of these algebras under GRH. Building on Rónyai's ideas, Evdokimov [Evd94] showed that an arbitrary degree $n$ polynomial $f(x) \in \mathbb{F}_q[x]$ can be factored deterministically in time $\mathrm{poly}(\log q, n^{\log n})$ under GRH. This line of approach has since been investigated, in an attempt to either remove GRH [IKRS12] or improve the time complexity, leading to several analytic number theory and algebraic-combinatorial conjectures and special case solutions [CH00, Gao01, Sah08, IKS09].

Our method in this paper, building on [IKS09], encompasses the known algebraic-combinatorial (if not analytic number theory) methods and ends up relating the complexity of polynomial factoring to 'purely' combinatorial objects (called schemes and intersection numbers) that are central to the research area of algebraic combinatorics. The methods of [Rón88, Evd94, CH00, Gao01, Sah08] arrange the underlying roots of the polynomial in a combinatorial object that satisfies some of the defining properties of schemes. This paper contributes to the understanding of schemes by making progress on a related purely combinatorial conjecture, which is naturally connected with polynomial factoring.



1.1. Our main result. We study the problem of finding a nontrivial factor of a polynomial of prime degree. Intuitively, this case should not be any easier. However, it turns out that our combinatorial framework is quite well behaved over a prime number of roots and gives an improved time complexity. We call a number $s \in \mathbb{N}$ $r$-smooth if each prime factor of $s$ is at most $r$.

Theorem 1.1 (Factoring). Let $f(x)$ be a polynomial of prime degree $n$ over $\mathbb{F}_q$. Assume $(n-1)$ has an $r$-smooth divisor $s$, with $s > \sqrt{n/(2\ell)} + 1$ and $\ell \in \mathbb{N}_{>0}$. Then we can find a nontrivial factor of $f(x)$ deterministically in time $\mathrm{poly}(\log q, n^{r + \log \ell})$ under GRH.
Naturally, one asks if there exist infinitely many primes $n$ for which Theorem 1.1 is a significant improvement. A well-known number theory conjecture concerning primes in arithmetic progressions is connected to this question (Section 5.1). Under the conjecture that $L = 2$ is admissible for Linnik's constant [Lin44], we prove that there exist infinitely many primes $n$ for which the time complexity in Theorem 1.1 is polynomial. Even simply under GRH the factoring algorithm has an improved time complexity over the best known ones, for infinitely many $n$.

Corollary 1.2 (Infinite family). Assuming GRH, there exist infinitely many primes $n$ such that every polynomial $f(x) \in \mathbb{F}_q[x]$ of degree $n$ can be factored deterministically in time $\mathrm{poly}(\log q, n^{\log\log n})$.

Further, if $L = 2$ is admissible for Linnik's constant, then there exist infinitely many primes $n$ such that every polynomial $f(x) \in \mathbb{F}_q[x]$ of degree $n$ can be factored deterministically in time $\mathrm{poly}(\log q, n)$.

The techniques known before our work do not give a result as strong as ours on this particular infinite family of degrees. The best one could have done before is $\mathrm{poly}(\log q, n^{\log n})$ time, by the general purpose algorithm of Evdokimov [Evd94].

1.2. Idea of m-schemes. The GRH based algorithm for factoring polynomials over finite fields by Ivanyos, Karpinski and Saxena [IKS09] (called IKS-algorithm in the following) relies on the use of combinatorial schemes, more specifically $m$-schemes. If we denote $[n] := \{1, \ldots, n\}$, then an $m$-scheme can be described as a partition of the set $[n]^s$, for each $1 \le s \le m$, which satisfies certain natural properties called compatibility, regularity and invariance (Section 2.1). The notion of $m$-scheme is closely related to the concepts of superscheme [Smi94], association scheme [BI84, Zie05], coherent configuration [Hig70], cellular algebra [WL68] and Krasner algebra [Kra38]. Curiously, techniques initiated by [WL68] are used in another outstanding problem: deciding graph isomorphism.



The IKS-algorithm (Section 3.2) associates to a polynomial $f(x) \in \mathbb{F}_q[x]$ the natural quotient algebra $A := \mathbb{F}_q[x]/f(x)$ and explicitly calculates special subalgebras of its tensor powers $A^{\otimes s}$ ($1 \le s \le m$). Through a series of operations on systems of ideals of these algebras (which can be performed efficiently under GRH), the IKS-algorithm either finds a zero divisor in $A$, which is equivalent to factoring $f(x)$, or obtains an $m$-scheme from the combinatorial structure of $A^{\otimes s}$ ($1 \le s \le m$). In the latter case, the $m$-scheme obtained may be interpreted as the 'reason' why the IKS-algorithm could not find a zero divisor in $A$.

It is not difficult to prove that the IKS-algorithm always finds a zero divisor in $A$ if we choose $m$ large enough (viz. in the range $\log n$), yielding that the IKS-algorithm deterministically factors $f(x)$ in time $\mathrm{poly}(n^{\log n}, \log q)$. Moreover, it is conjectured that even choosing $m$ as a constant, say $m = c$ where $c \ge 4$, is enough to find a zero divisor in $A$ (and hence factor $f$), which would give the IKS-algorithm a polynomial running time under GRH. This is the subject of the so-called schemes conjecture (Section 2.4) on the existence of matchings (Sections 2.3 & 3.3).

We remark that the schemes conjecture is a purely algebraic-combinatorial conjecture concerning the structure of certain kinds of $m$-schemes. We also note that the schemes conjecture is already proven for an important class of $m$-schemes, namely the so-called orbit $m$-schemes (Theorem 2.7). In this current work, we prove the schemes conjecture for an interesting class of $m$-schemes on a prime number of points, culminating in a somewhat surprising result about the factorization of prime degree polynomials. Our proof builds on the strong relationship of $m$-schemes and association schemes (Section 2.2), and involves fundamental structure results about association schemes of prime order by Hanaki & Uno [HU06] and Muzychuk & Ponomarenko [MP12].

1.3. Idea of association schemes. Underlying Theorem 1.1 is a structural result about association schemes with bounded valencies and indistinguishing numbers. Recall [Zie05, MP12] that an association scheme is a pair $(X, G)$ which consists of a finite set $X$ and a partition $G$ of $X \times X$ such that

(1) $G$ contains the identity relation $1 := \{(x, x) \mid x \in X\}$,

(2) if $g \in G$, then $g^* := \{(y, x) \mid (x, y) \in g\} \in G$, and

(3) for all $f, g, h \in G$, there exists an intersection number $c^{h}_{fg} \in \mathbb{N}$ such that for all $(\alpha, \beta) \in h$, $c^{h}_{fg} = \#\{\gamma \in X \mid (\alpha, \gamma) \in f,\ (\gamma, \beta) \in g\}$.

An element $g \in G$ is called a relation (or color) of $(X, G)$. We call $|X|$ the order of $(X, G)$. For each $g \in G$, we define its valency $n_g := c^{1}_{g g^*}$ (the number of $y$ with $(x, y) \in g$, for any fixed $x$) and its indistinguishing number $c(g) := \sum_{v \in G} c^{g}_{v v^*}$.

Whenever it helps, an association scheme can also be thought of as a colored directed graph with $X$ as vertices and the relations of $G$ as (colored) edges. But it is richer in algebraic structure than a graph and often evokes the feeling of "group theory without groups" [BI84]. Below we formulate our main scheme theory result; it essentially proves that a large number of relations implies the existence of small intersection numbers (assuming bounded valency and indistinguishing number). It is vaguely related to the structural results in the literature that concern the so-called Schurity of schemes [EP00, EP03, EP09, MP12]. We are concerned 'merely' with two small intersection numbers and hence we are able to work with better parameters.

Theorem 1.3 (Small intersection numbers). Let $(X, G)$ be an association scheme. Assume there exist $c, k, \ell \in \mathbb{N}$ and $0 < \delta_1, \delta_1', \delta_2' \le 1$ with $1 \le \ell \le (\delta_1/\delta_1') \cdot k$ such that for all $1 \ne g \in G$,
$$\delta_1 \cdot k \le n_g \le \delta_1' \cdot k \quad \text{and} \quad c(g) \le \delta_2' \cdot c.$$
If $|G| > 2(\delta_1'/\delta_1)^3 \delta_2' \cdot \frac{c}{\ell} + 2$ then there exist nontrivial relations $u \ne v,\ w \ne w' \in G$ such that $0 \le c^{w}_{uv} < c^{w'}_{uv} \le \ell$.


The above theorem establishes the existence of small intersection numbers in association schemes where both the valencies and indistinguishing numbers of nontrivial relations are confined to a certain range. Interestingly, we give evidence that the result is optimal (Section 5.2). An important example of association schemes of this type are schemes of prime order (Sections 4.1 & 5.2). There the nontrivial relations have equal valency, say $k$ [HU06], and equal indistinguishing numbers $(k-1)$ [MP12].

Corollary 1.4 (Prime scheme). Let $(X, G)$ be an association scheme of prime order $n = |X|$ and valency $k$. Let $\ell \in \mathbb{N}_{\ge 1}$. If $|G| > \frac{2(k-1)}{\ell} + 2$ then there exist nontrivial relations $u \ne v,\ w \ne w' \in G$ such that $0 \le c^{w}_{uv} < c^{w'}_{uv} \le \ell$.

Drawing on the connection of association schemes and $m$-schemes, we deduce from Corollary 1.4 the existence of matchings in certain $m$-schemes on a prime number of points that help in algebra decomposition (Section 4.2). This is the prime source of our results in the domain of polynomial factoring.
1.4. Organization. Section 2 provides an introduction to the notion of $m$-schemes and surveys important results and concepts associated therewith. We put a special emphasis on explaining the connection between association schemes and $m$-schemes (Section 2.2). In Section 3 we describe the IKS-algorithm for factoring polynomials over finite fields, which builds on the theory of $m$-schemes. Theorem 3.4 delineates how to factor polynomials by exploiting $m$-scheme structure. In Section 4 we prove our main results: Theorem 1.1 on the factorization of polynomials of prime degree and Theorem 1.3 on the existence of small intersection numbers in association schemes with bounded valencies and indistinguishing numbers. In addition, Section 5 explains how Theorem 1.1 ties in with the density of primes in arithmetic progressions (Section 5.1) and discusses in which sense the bounds given in Theorem 1.3 are optimal (Section 5.2).



2. Preliminaries: m-schemes

In this section we define special partitions of the set $[n]^m$ that we call $m$-schemes on $n$ points. These combinatorial objects were first defined in [IKS09]. They occur naturally as part of the IKS-algorithm for factoring polynomials over finite fields. In the following, we give an overview of the basic theory of $m$-schemes.

2.1. Basic definitions. In this section, we introduce the necessary definitions for the study of $m$-schemes. For reference purposes, the terminology used here is the same as in the paper [IKS09].

s-tuples: Throughout this section, $V$ is an arbitrary set of $n$ distinct elements. For $1 \le s \le n$, we define the set of essential $s$-tuples by
$$V^{(s)} := \{(v_1, v_2, \ldots, v_s) \mid v_1, v_2, \ldots, v_s \text{ are } s \text{ distinct elements of } V\}.$$

Projections: For $s > 1$, we define $s$ projections $\pi^s_1, \pi^s_2, \ldots, \pi^s_s : V^{(s)} \to V^{(s-1)}$ by
$$\pi^s_i : (v_1, \ldots, v_{i-1}, v_i, v_{i+1}, \ldots, v_s) \mapsto (v_1, \ldots, v_{i-1}, v_{i+1}, \ldots, v_s).$$
Moreover, for $1 \le i_1 < \ldots < i_k \le s$ we define
$$\pi^s_{i_1, \ldots, i_k} : V^{(s)} \to V^{(s-k)}, \qquad \pi^s_{i_1, \ldots, i_k} := \pi^{s-k+1}_{i_1} \circ \cdots \circ \pi^{s}_{i_k},$$
i.e. the projection that deletes the coordinates $i_1, \ldots, i_k$.

Permutations: The symmetric group on $s$ elements $\mathrm{Symm}_s$ acts on $V^{(s)}$ in a natural way by permuting the coordinates of the $s$-tuples. More accurately, the action of $\tau \in \mathrm{Symm}_s$ on $(v_1, \ldots, v_i, \ldots, v_s) \in V^{(s)}$ is defined as
$$(v_1, \ldots, v_i, \ldots, v_s)^{\tau} := (v_{1\tau}, \ldots, v_{i\tau}, \ldots, v_{s\tau}).$$

m-Collection: For $1 \le m \le n$, an $m$-collection on $V$ is a set $\Pi$ of partitions $\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_m$ of $V^{(1)}, V^{(2)}, \ldots, V^{(m)}$ respectively.

Colors: For $1 \le s \le m$, the equivalence relation on $V^{(s)}$ corresponding to the partition $\mathcal{P}_s$ will be denoted by $\equiv_{\mathcal{P}_s}$.

Below, we discuss some natural properties of $m$-collections that are relevant to us. In the following, let $\Pi = \{\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_m\}$ be an $m$-collection on $V$.

P1 (Compatibility): We say that $\Pi$ is compatible at level $1 < s \le m$, if $u, v \in P \in \mathcal{P}_s$ implies that for every $1 \le i \le s$ there exists $Q \in \mathcal{P}_{s-1}$ such that $\pi^s_i(u), \pi^s_i(v) \in Q$.

In other words, if two tuples (at level $s$) have the same color then for every projection the projected tuples (at level $s-1$) have the same color as well. It follows that for a class $P \in \mathcal{P}_s$, the sets $\pi^s_i(P) := \{\pi^s_i(v) \mid v \in P\}$, for all $1 \le i \le s$, are colors in $\mathcal{P}_{s-1}$.
P2 (Regularity): We call $\Pi$ regular at level $1 < s \le m$, if $u, v \in Q \in \mathcal{P}_{s-1}$ implies that for every $1 \le i \le s$ and for every $P \in \mathcal{P}_s$,
$$\#\{u' \in P \mid \pi^s_i(u') = u\} = \#\{v' \in P \mid \pi^s_i(v') = v\}.$$

Fibres: We call the tuples in $P \cap (\pi^s_i)^{-1}(u)$ the $\pi^s_i$-fibres of $u$ in $P$. So regularity, in other words, means that the cardinalities of the fibres above a tuple depend only on the color of the tuple.

Subdegree: The above two properties motivate the definition of the subdegree of a color $P$ over a color $Q$ as $s(P, Q) := |P|/|Q|$, assuming that $\pi^s_{i_1, \ldots, i_k}(P) = Q$ for some $1 \le i_1 < \ldots < i_k \le s$ and that $\Pi$ is regular at all levels $2, \ldots, s$.

P3 (Invariance): We say that $\Pi$ is invariant at level $1 \le s \le m$, if for every $P \in \mathcal{P}_s$ and $\tau \in \mathrm{Symm}_s$, we have:
$$P^{\tau} := \{v^{\tau} \mid v \in P\} \in \mathcal{P}_s.$$
In other words, the partitions $\mathcal{P}_1, \ldots, \mathcal{P}_m$ are invariant under the action of the corresponding symmetric group.

P4 (Homogeneity): We say that $\Pi$ is homogeneous if $|\mathcal{P}_1| = 1$.

P5 (Antisymmetry): We say that $\Pi$ is antisymmetric at level $1 \le s \le m$, if for every $P \in \mathcal{P}_s$ and $\mathrm{id} \ne \tau \in \mathrm{Symm}_s$, we have $P^{\tau} \ne P$.

P6 (Symmetry): We say that $\Pi$ is symmetric at level $1 \le s \le m$, if for every $P \in \mathcal{P}_s$ and $\tau \in \mathrm{Symm}_s$, we have $P^{\tau} = P$.

Note that an $m$-collection is called compatible, regular, invariant, symmetric, or antisymmetric if it is compatible, regular, invariant, symmetric, or antisymmetric, respectively, at every level $1 \le s \le m$.

m-Scheme: An $m$-collection is called an $m$-scheme if it is compatible, regular and invariant.

We start with an easy non-existence lemma for $m$-schemes [IKS09, Lemma 1]. Note that the lemma below puts the main content of [Rón88] in a more general framework.

Lemma 2.1. Let $r > 1$ be a divisor of $n$. Then for $m \ge r$ there does not exist a homogeneous and antisymmetric $m$-scheme on $n$ points.

Proof. For $m \ge r$, clearly every $m$-scheme contains an $r$-scheme (hint: project the tuples to the first $r$ places). Hence it suffices to prove the above statement for $m = r$. Moreover, replacing $r$ by one of its prime factors (which still divides $n$ and is at most $m$), we may assume that $r$ is prime. Suppose for the sake of contradiction that there exists a homogeneous and antisymmetric $r$-scheme $\Pi = \{\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_r\}$ on $V = \{v_1, v_2, \ldots, v_n\}$. By definition, $\mathcal{P}_r$ partitions the $n(n-1)\cdots(n-r+1)$ tuples of $V^{(r)}$ into, say, $t_r$ colors. By antisymmetry, every such color $P$ has $r!$ distinct associated colors of the same size, namely $\{P^{\tau} \mid \tau \in \mathrm{Symm}_r\}$. Moreover, by homogeneity (together with regularity over the single level-1 color $V$), the size of every color at level $r$ is divisible by $n$. Hence, $r! \cdot n \mid n(n-1)\cdots(n-r+1)$. But this implies $r \mid (n-1)\cdots(n-r+1)$, which is impossible: $r$ is prime and $r \mid n$, so none of the factors $n-1, \ldots, n-r+1$ is divisible by $r$. Therefore, $\Pi$ cannot exist. □

Below, we describe the relationship between $m$-schemes and association schemes.

2.2. 3-schemes from association schemes. The notion of $m$-schemes is closely related to the concept of association schemes. Association schemes are standard combinatorial objects for which there exists extensive literature [BN39, BM59, Del73, BI84, Zie05]. We recall some important identities which involve the valencies of association schemes. Note that the identities given below can all be found in [Zie05].

Lemma 2.2. Let $(X, G)$ be an association scheme and let $d, e, f \in G$. The following holds:

(1) $c^{d}_{ef} = c^{d^*}_{f^* e^*}$,

(2) $c^{e}_{df} \cdot n_e = c^{d}_{e f^*} \cdot n_d$,

(3) $c^{e}_{df} \cdot n_e = c^{f}_{d^* e} \cdot n_f$,

(4) $\sum_{g \in G} c^{g}_{ef} \cdot n_g = n_e \cdot n_f$.
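The axioms of Section 1.3 and the identities of Lemma 2.2 can be checked mechanically on a small scheme. The following Python code is an added example, not code from the paper: it builds the cyclotomic scheme of prime order $p$ whose nontrivial relations are $\{(x, y) : y - x \in C\}$ for the cosets $C$ of the order-$k$ subgroup of $\mathbb{Z}_p^*$ (a constructed sample input; this is the kind of prime-order scheme referred to before Corollary 1.4), verifies axioms (1)-(3) by brute force, computes the intersection numbers $c^{h}_{fg}$, the valencies $n_g$ and the indistinguishing numbers $c(g)$, and checks identity (4) of Lemma 2.2. All function names are ours.

```python
"""Added example: association-scheme axioms, intersection numbers, valencies and
indistinguishing numbers, evaluated on a cyclotomic scheme of prime order.
Function names and the sample parameters are ours, not the paper's."""
from itertools import product


def cyclotomic_scheme(p, k):
    """Relations of the cyclotomic scheme on X = Z_p: the identity together with
    g_C = {(x, y) : y - x in C} for the cosets C of the order-k subgroup H of Z_p^*.
    Requires p prime and k | p - 1 (constructed sample input; brute force, small p)."""
    assert (p - 1) % k == 0
    gen = next(a for a in range(2, p)
               if len({pow(a, e, p) for e in range(p - 1)}) == p - 1)   # generator of Z_p^*
    h = pow(gen, (p - 1) // k, p)                                       # generates H, |H| = k
    H = {pow(h, e, p) for e in range(k)}
    cosets, seen = [], set()
    for a in range(1, p):
        if a not in seen:
            C = frozenset(a * x % p for x in H)
            cosets.append(C)
            seen |= C
    X = list(range(p))
    identity = frozenset((x, x) for x in X)
    rels = [identity] + [frozenset((x, (x + d) % p) for x in X for d in C) for C in cosets]
    return X, rels


def converse(g):
    """g* := {(y, x) : (x, y) in g}."""
    return frozenset((y, x) for (x, y) in g)


def intersection_numbers(X, rels):
    """c[(f, g, h)] = c^h_{fg}; raises ValueError if axiom (3) fails."""
    color = {pair: idx for idx, g in enumerate(rels) for pair in g}
    c = {}
    for f, g, h in product(range(len(rels)), repeat=3):
        counts = {sum(1 for y in X if color[(a, y)] == f and color[(y, b)] == g)
                  for (a, b) in rels[h]}
        if len(counts) != 1:
            raise ValueError(f"c^{h}_{{{f},{g}}} depends on the pair: {sorted(counts)}")
        c[(f, g, h)] = counts.pop()
    return c


def is_association_scheme(X, rels):
    """Axioms (1)-(3) of Section 1.3, plus the requirement that rels partition X x X."""
    all_pairs = {(x, y) for x in X for y in X}
    if set().union(*rels) != all_pairs or sum(len(g) for g in rels) != len(all_pairs):
        return False                                    # not a partition of X x X
    if frozenset((x, x) for x in X) not in rels:
        return False                                    # (1) identity relation present
    if any(converse(g) not in rels for g in rels):
        return False                                    # (2) closed under g -> g*
    try:
        intersection_numbers(X, rels)                   # (3) constant intersection numbers
    except ValueError:
        return False
    return True


def valency(c, rels, g):
    """n_g = c^1_{g g*}; relation index 0 is the identity in cyclotomic_scheme()."""
    return c[(g, rels.index(converse(rels[g])), 0)]


def indistinguishing_number(c, rels, g):
    """c(g) = sum over v in G of c^g_{v v*}."""
    return sum(c[(v, rels.index(converse(rels[v])), g)] for v in range(len(rels)))


def lemma_2_2_holds(c, rels):
    """Identity (4) of Lemma 2.2: sum_g c^g_{ef} n_g = n_e n_f for all e, f."""
    n = [valency(c, rels, g) for g in range(len(rels))]
    return all(sum(c[(e, f, g)] * n[g] for g in range(len(rels))) == n[e] * n[f]
               for e, f in product(range(len(rels)), repeat=2))
```

For $p = 13$ and $k = 3$ the scheme has five relations, every nontrivial relation has valency $3$ and indistinguishing number $2 = k - 1$, which is the prime-order behaviour quoted from [HU06] and [MP12] above. Splitting one relation into two arbitrary halves breaks axioms (2) and (3), so `is_association_scheme` rejects the result.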

We now show that the concepts of 3-scheme and association scheme are essentially equivalent (strictly speaking, the former is a refinement of the latter). The following lemma states that the first two levels of any 3-scheme constitute an association scheme (up to adding the identity relation).

Lemma 2.3. Let $\Pi = \{\mathcal{P}_1, \mathcal{P}_2, \mathcal{P}_3\}$ be a homogeneous 3-scheme on the set $V = \{v_1, v_2, \ldots, v_n\}$. Then $(V, \mathcal{P}_2 \cup \{1\})$ constitutes an association scheme, where $1 = \{(v, v) \mid v \in V\}$ denotes the identity relation.

Proof. Closure under $g \mapsto g^*$ follows from invariance at level 2. We prove that for all $P_i, P_j, P_k \in \mathcal{P}_2$, there exists an integer $c^{k}_{ij}$ such that for all $(\alpha, \beta) \in P_k$,
$$c^{k}_{ij} = \#\{\gamma \in V \mid (\alpha, \gamma) \in P_i,\ (\gamma, \beta) \in P_j\}.$$
The trivial case where at least one of $P_i, P_j, P_k$ is the identity relation is omitted. By the compatibility and regularity of $\Pi$ at level 3, there exists a subset $S \subseteq \mathcal{P}_3$ such that for all $(\alpha, \beta) \in P_k$, the set $\{\gamma \in V \mid (\alpha, \gamma) \in P_i,\ (\gamma, \beta) \in P_j\}$ can be partitioned as
$$\bigsqcup_{P \in S} \{\gamma \in V \mid (\alpha, \gamma) \in P_i,\ (\gamma, \beta) \in P_j,\ (\alpha, \gamma, \beta) \in P\}.$$
By the compatibility of $\Pi$ at level 3, this partition can simply be written as
$$\bigsqcup_{P \in S} \{\gamma \in V \mid (\alpha, \gamma, \beta) \in P\}.$$
By the regularity of $\Pi$ at level 3, the size of each set in the above partition is $|P|/|P_k|$, which means that
$$\#\{\gamma \in V \mid (\alpha, \gamma) \in P_i,\ (\gamma, \beta) \in P_j\} = \sum_{P \in S} \frac{|P|}{|P_k|}.$$
Since the above equation is independent of the choice of $(\alpha, \beta) \in P_k$, it follows that $(V, \mathcal{P}_2 \cup \{1\})$ is an association scheme. □

The next lemma states that, in turn, every association scheme also naturally gives rise to a 3-scheme.

Lemma 2.4. Let $(V, \mathcal{P}_2)$ be an association scheme on $V = \{v_1, v_2, \ldots, v_n\}$. Let $\equiv_{\mathcal{P}_2}$ denote the equivalence relation on $V \times V$ corresponding to the partition $\mathcal{P}_2$. Let $\mathcal{P}_3$ be the partition of $V^{(3)}$ such that for two triples $(u_1, u_2, u_3)$ and $(v_1, v_2, v_3)$, we have $(u_1, u_2, u_3) \equiv_{\mathcal{P}_3} (v_1, v_2, v_3)$ if and only if
$$(u_1, u_2) \equiv_{\mathcal{P}_2} (v_1, v_2), \quad (u_1, u_3) \equiv_{\mathcal{P}_2} (v_1, v_3), \quad (u_2, u_3) \equiv_{\mathcal{P}_2} (v_2, v_3).$$
Then $\{\mathcal{P}_1, \mathcal{P}_2 \setminus \{1\}, \mathcal{P}_3\}$, with $\mathcal{P}_1 := \{V\}$, is a 3-scheme.

Proof. It is an easy exercise to show that $\{\mathcal{P}_1, \mathcal{P}_2 \setminus \{1\}, \mathcal{P}_3\}$ satisfies compatibility, regularity and invariance. □
2.3. Generalized matchings. We now define the notion of matchings, certain special colors of $m$-schemes that play an important role in the IKS-factoring algorithm described later. This combinatorial object (a matching) provides an algebraic object (an ideal automorphism). As before, let $V = \{v_1, v_2, \ldots, v_n\}$ be a set of $n$ distinct elements and let $\Pi = \{\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_m\}$ be an $m$-scheme on $V$.

Matching: A color $P \in \mathcal{P}_s$ at any level $1 < s \le m$ is called a matching if there exist $1 \le i_1 < \ldots < i_k \le s$ and $1 \le j_1 < \ldots < j_k \le s$ with $(i_1, \ldots, i_k) \ne (j_1, \ldots, j_k)$ such that $\pi^s_{i_1, \ldots, i_k}(P) = \pi^s_{j_1, \ldots, j_k}(P)$ and $|\pi^s_{i_1, \ldots, i_k}(P)| = |P|$.

Note that the paper [IKS09] which originally defined the concept of matchings had the restriction that $k = 1$. The above definition is broader and constitutes a natural generalization of the previous (limited) notion of matchings. The next theorem gives an important sufficient condition for the existence of matchings in $m$-schemes [IKS09, Lemma 8].

Theorem 2.5. Let $\Pi = \{\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_m\}$ be an $m$-scheme on $V = \{v_1, v_2, \ldots, v_n\}$. Assume $\Pi$ is antisymmetric at level 2. Moreover, assume there exist colors $P_t \in \mathcal{P}_t$ and $P_{t-1} := \pi^t_i(P_t) \in \mathcal{P}_{t-1}$ for some $1 < t \le m$ and $1 \le i \le t$ such that $1 < s(P_t, P_{t-1}) = |P_t|/|P_{t-1}| \le \ell$ and $m \ge t - 1 + \log_2 \ell$, where $\ell \in \mathbb{N}$. Then there exists a matching in $\{\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_m\}$.

Proof. Wlog, let us assume that $P_{t-1} = \pi^t_t(P_t) \in \mathcal{P}_{t-1}$. We outline an iterative way of finding a matching in $\Pi$. Note that the set
$$U_{t+1} := \{v \in V^{(t+1)} \mid \pi^{t+1}_{t}(v),\ \pi^{t+1}_{t+1}(v) \in P_t\}$$
is a nonempty union of colors in $\mathcal{P}_{t+1}$, of size $|P_t| \cdot (s(P_t, P_{t-1}) - 1)$. Let $P_{t+1}$ be a color of $\mathcal{P}_{t+1}$ such that $P_{t+1} \subseteq U_{t+1}$. The transposition of the last two coordinates maps $P_{t+1}$ into $U_{t+1}$ and, by the antisymmetry of $\Pi$ at level 2 (via compatibility), onto a different color; hence $|P_{t+1}| \le |U_{t+1}|/2$ and
$$s(P_{t+1}, P_t) = \frac{|P_{t+1}|}{|P_t|} \le \frac{\ell - 1}{2} < \frac{\ell}{2}.$$
Evidently, if $s(P_{t+1}, P_t) = 1$ then $P_{t+1}$ is a matching. Otherwise, if $s(P_{t+1}, P_t) > 1$ we proceed to level $t+2$ and again strictly halve the subdegree (by the same argument as above). This procedure finds a matching in at most $\log_2 \ell$ rounds. □

As a corollary to the above theorem, we have that a homogeneous $m$-scheme on $n$ points which is antisymmetric at level 2 always has a matching if $m > \log_2 n$.

Corollary 2.6. Let $\Pi = \{\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_m\}$ be a homogeneous $m$-scheme on the set $V = \{v_1, v_2, \ldots, v_n\}$. Let $\Pi$ be antisymmetric at level 2. If $m > \log_2 n$ then there exists a matching in $\{\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_m\}$.

2.4. The schemes conjecture. In Corollary 2.6 it was shown that every homogeneous, antisymmetric $m$-scheme on $n$ points (for large enough $m$) contains a matching between levels 1 and $\log_2 n$. Below, we formulate a conjecture which asserts the existence of a constant $c \ge 4$ that could replace the above $\log_2 n$-bound.

Schemes conjecture. There exists a constant $c \ge 4$ such that every homogeneous, antisymmetric $m$-scheme with $m \ge c$ contains a matching.

In Section 3 we recall [IKS09] that, under GRH, the correctness of the schemes conjecture implies a deterministic polynomial time algorithm for the factorization of polynomials over finite fields (Theorem 3.4). The schemes conjecture is especially motivated by the fact that it is known to be true for an important class of $m$-schemes, called orbit schemes. An exact definition of orbit schemes follows. Let $V = \{v_1, v_2, \ldots, v_n\}$ be a set of $n$ distinct elements and $G \le \mathrm{Symm}_V$ a permutation group. Fix $1 \le m \le n$. For $1 \le s \le m$, let $\mathcal{P}_s$ be the partition of $V^{(s)}$ such that for any two $s$-tuples $(u_1, u_2, \ldots, u_s)$ and $(v_1, v_2, \ldots, v_s)$, we have $(u_1, u_2, \ldots, u_s) \equiv_{\mathcal{P}_s} (v_1, v_2, \ldots, v_s)$ if and only if
$$\exists\, \sigma \in G : (\sigma(u_1), \sigma(u_2), \ldots, \sigma(u_s)) = (v_1, v_2, \ldots, v_s).$$
Then $\{\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_m\}$ is an $m$-scheme on $V$. We call $m$-schemes which arise in the above-described manner orbit $m$-schemes. They suggest that the notion of $m$-schemes generalizes that of finite permutation groups.

Theorem 2.7 (Schemes conjecture for orbit m-schemes). For $m \ge 4$, every homogeneous, antisymmetric orbit $m$-scheme contains a matching.

Proof. This is shown in [IKS09, Section 4.1]. □
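The orbit construction just described, the properties P1-P6 of Section 2.1 and the generalized matchings of Section 2.3 can all be computed by brute force for small groups. The Python code below is an added example (it is not from [IKS09] or from this paper, and the function names are ours): it generates a permutation group from generators, forms the orbit $m$-scheme, checks compatibility, regularity and invariance, homogeneity and antisymmetry, and lists the matchings at a given level. The two sample groups are constructed here: the Frobenius group of order 21 on $\mathbb{Z}_7$ (generated by $x \mapsto x+1$ and $x \mapsto 2x$), which is antisymmetric at level 2, and the cyclic group $\mathbb{Z}_4$ on four points, which is not antisymmetric at level 2, as Lemma 2.1 predicts because $2 \mid 4$.

```python
"""Added example: orbit m-schemes from a permutation group, the m-scheme axioms
P1-P3, homogeneity (P4), antisymmetry (P5) and generalized matchings (Section 2.3).
Permutations are tuples g with g[i] = image of point i; all names are ours."""
from itertools import permutations, combinations


def generate_group(gens, n):
    """Closure of the generators under composition (search from the identity)."""
    identity = tuple(range(n))
    group, frontier = {identity}, [identity]
    while frontier:
        g = frontier.pop()
        for h in gens:
            gh = tuple(h[g[i]] for i in range(n))      # first g, then h
            if gh not in group:
                group.add(gh)
                frontier.append(gh)
    return group


def orbit_scheme(group, n, m):
    """scheme[s] = P_s: the orbits of the group on the essential s-tuples V^(s)."""
    scheme = {}
    for s in range(1, m + 1):
        seen, colors = set(), []
        for tup in permutations(range(n), s):
            if tup not in seen:
                orbit = frozenset(tuple(g[v] for v in tup) for g in group)
                seen |= orbit
                colors.append(orbit)
        scheme[s] = colors
    return scheme


def project(tup, drop):
    """pi^s_{i_1,...,i_k}: delete the 1-based coordinates listed in `drop`."""
    return tuple(v for i, v in enumerate(tup, 1) if i not in drop)


def permute(P, tau):
    """P^tau := {v^tau : v in P}, tau given as a 0-based index tuple."""
    return frozenset(tuple(t[j] for j in tau) for t in P)


def color_of(scheme, tup):
    return next(P for P in scheme[len(tup)] if tup in P)


def is_m_scheme(scheme, m):
    """P1 (compatibility), P2 (regularity) and P3 (invariance) at levels 2..m."""
    for s in range(2, m + 1):
        for P in scheme[s]:
            for i in range(1, s + 1):
                lower = {color_of(scheme, project(t, {i})) for t in P}
                if len(lower) != 1:                      # P1: one lower color
                    return False
                Q = lower.pop()
                fibre_sizes = {sum(1 for t in P if project(t, {i}) == u) for u in Q}
                if len(fibre_sizes) != 1:                # P2: constant fibre size
                    return False
            if any(permute(P, tau) not in scheme[s] for tau in permutations(range(s))):
                return False                             # P3: Symm_s permutes colors
    return True


def is_homogeneous(scheme):
    return len(scheme[1]) == 1                           # P4


def is_antisymmetric(scheme, s):
    """P5 at level s: no color is fixed by a non-identity coordinate permutation."""
    return all(permute(P, tau) != P
               for P in scheme[s]
               for tau in permutations(range(s)) if tau != tuple(range(s)))


def is_matching(P, s):
    """Section 2.3: index sets I != J of size k < s with pi_I(P) = pi_J(P) and |pi_I(P)| = |P|."""
    for k in range(1, s):
        for I, J in combinations(combinations(range(1, s + 1), k), 2):
            pI, pJ = {project(t, I) for t in P}, {project(t, J) for t in P}
            if pI == pJ and len(pI) == len(P):
                return True
    return False


def matchings(scheme, s):
    return [P for P in scheme[s] if is_matching(P, s)]


# Constructed samples: the Frobenius group of order 21 on Z_7, and the cyclic group Z_4.
F21 = generate_group([tuple((x + 1) % 7 for x in range(7)),
                      tuple(2 * x % 7 for x in range(7))], 7)
Z4 = generate_group([tuple((x + 1) % 4 for x in range(4))], 4)
```

For the order-21 group the level-2 colors are the two sets of pairs whose difference is a cubic residue, respectively a non-residue, so the scheme is antisymmetric at level 2 (as $-1$ is a non-residue modulo 7) but not at level 3 (the color of $(0, 1, 3)$ is fixed by a cyclic shift of the coordinates). Each of the ten level-3 colors projects onto level-2 colors of the same size, and by pigeonhole two of its three projections coincide, so every level-3 color is a matching, in line with Theorem 2.5 applied to $t = 2$ and $\ell = 3$.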

3. Preliminaries: The IKS-algorithm

In this section, we discuss the GRH based IKS-algorithm for factoring polynomials over finite fields [IKS09]. It fundamentally relies on the theory of $m$-schemes. It was shown in [IKS09] that the IKS-algorithm has a deterministic polynomial running time for factoring polynomials of prime degree $n$, where $(n-1)$ is a constant-smooth number. In Section 4 we significantly improve this result to polynomials of prime degree $n$, where $(n-1)$ has a large constant-smooth factor. This relaxation implies that under a well-known number theory conjecture involving Linnik's constant, there are infinitely many primes $n$ such that any polynomial $f(x) \in \mathbb{F}_q[x]$ of degree $n$ can be factored by the IKS-algorithm in time $\mathrm{poly}(n, \log q)$.

3.1. Algebraic prerequisites. We now discuss algebraic prerequisites for the description of the IKS-algorithm. Below, we recapitulate some of the basic concepts of polynomial factoring over finite fields.

Associated quotient algebra A: In order to solve polynomial factoring over finite fields, it is enough to factor polynomials $f(x)$ of degree $n$ over $\mathbb{F}_q$ that have $n$ distinct roots $\alpha_1, \ldots, \alpha_n$ in $\mathbb{F}_q$ [Ber67, Ber70]. Given a polynomial $f(x) \in \mathbb{F}_q[x]$, for any field extension $k \supseteq \mathbb{F}_q$, we have the associated quotient algebra
$$A := k[x]/(f(x)).$$
It is isomorphic to the direct product of $n$ fields. In the following, we interpret $A$ as the algebra of all functions
$$V := \{\alpha_1, \ldots, \alpha_n\} \to k.$$

The factors of f(x) appear as zero divisors in A: Assume $y(x) z(x) = 0$ in $A$ for some nonzero $y(x), z(x) \in A$. Then $f(x) \mid y(x) \cdot z(x)$, which implies that $\gcd(f(x), z(x))$ factors $f(x)$ nontrivially: it is not $1$, since otherwise $f(x) \mid y(x)$, and it is not $f(x)$, since $z(x) \ne 0$ in $A$. Since the gcd of polynomials can be computed by the Euclidean algorithm in deterministic polynomial time, factoring $f(x)$ is, up to polynomial time reductions, equivalent to finding a zero divisor in $A$.

Ideals of A and roots of f(x): For an ideal $I$ of $A$, we define the support of $I$ as
$$\mathrm{Supp}(I) := V \setminus \{v \in V \mid a(v) = 0 \text{ for every } a \in I\}.$$
Via the support, ideal decompositions of $A$ induce partitions on the set $V$. This is the subject of the following lemma:
Lemma 3.1. If $I_1, \ldots, I_t$ are pairwise orthogonal ideals of $A$ (i.e. $I_i I_j = 0$ for all $i \ne j$) such that $A = I_1 + \cdots + I_t$, then
$$V = \mathrm{Supp}(I_1) \cup \cdots \cup \mathrm{Supp}(I_t),$$
the union being disjoint.
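As an added illustration of the last two paragraphs and of Lemma 3.1 (example code, not the paper's; the polynomial arithmetic, the function names and the sample polynomial are ours): over $\mathbb{F}_{13}$ we construct $f$ with four distinct roots, two nonzero elements $y, z \in A = \mathbb{F}_{13}[x]/(f)$ with $yz = 0$ in $A$, recover a nontrivial factor of $f$ as $\gcd(f, z)$ by the Euclidean algorithm, and read off the supports of the principal ideals $yA$ and $zA$. These two ideals are orthogonal and, since $y$ and $z$ are coprime polynomials, sum to $A$, so by Lemma 3.1 their supports partition $V$.

```python
"""Added example: zero divisors of A = F_p[x]/(f(x)) give factors of f, and the
supports of orthogonal ideals partition the root set V (Section 3.1, Lemma 3.1).
Polynomials are coefficient lists over F_p, lowest degree first; p is prime.
The helpers and the sample polynomial are ours, not the paper's."""


def trim(a):
    """Drop leading zero coefficients; the zero polynomial is []."""
    a = list(a)
    while a and a[-1] == 0:
        a.pop()
    return a


def mul(a, b, p):
    if not a or not b:
        return []
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % p
    return trim(out)


def divmod_(a, b, p):
    """Quotient and remainder of a by b over F_p (b nonzero)."""
    a, b = trim(a), trim(b)
    inv = pow(b[-1], p - 2, p)                # inverse of the leading coefficient
    q, r = [0] * max(len(a) - len(b) + 1, 1), list(a)
    while len(r) >= len(b):
        coef, shift = r[-1] * inv % p, len(r) - len(b)
        q[shift] = coef
        for i, y in enumerate(b):
            r[shift + i] = (r[shift + i] - coef * y) % p
        r = trim(r)
    return trim(q), r


def gcd(a, b, p):
    """Monic gcd via the Euclidean algorithm (deterministic polynomial time)."""
    a, b = trim(a), trim(b)
    while b:
        a, b = b, divmod_(a, b, p)[1]
    inv = pow(a[-1], p - 2, p)
    return [x * inv % p for x in a]


def evaluate(a, v, p):
    """a(v) by Horner's rule: the 'functions V -> k' view of A."""
    r = 0
    for coef in reversed(a):
        r = (r * v + coef) % p
    return r


def from_roots(roots, p):
    """The product of (x - r) over the given roots."""
    f = [1]
    for r in roots:
        f = mul(f, [(-r) % p, 1], p)
    return f


def support(gen, roots, p):
    """Supp(gen * A): the roots at which the generator does not vanish."""
    return {v for v in roots if evaluate(gen, v, p) != 0}


def factor_from_zero_divisor(f, y, z, p):
    """If y, z are nonzero in A and y*z = 0 in A, gcd(f, z) is a nontrivial factor
    of f: it is not 1 (else f | y) and not f (else z = 0 in A)."""
    y, z = divmod_(y, f, p)[1], divmod_(z, f, p)[1]
    if not y or not z or divmod_(mul(y, z, p), f, p)[1]:
        raise ValueError("need nonzero y, z in A with y*z = 0 in A")
    g = gcd(f, z, p)
    assert 0 < len(g) - 1 < len(f) - 1        # nontrivial degree
    return g


# Constructed sample: f has the four distinct roots 1, 3, 9, 2 in F_13.
P = 13
ROOTS = [1, 3, 9, 2]
F = from_roots(ROOTS, P)
Y = from_roots([1, 3, 8], P)               # vanishes at the roots 1 and 3 (8 is not a root)
Z = mul([7], from_roots([2, 9], P), P)     # vanishes at the roots 2 and 9, so Y*Z = 0 in A

if __name__ == "__main__":
    print("factor:", factor_from_zero_divisor(F, Y, Z, P))    # [5, 2, 1] = x^2 + 2x + 5
    print("Supp(YA) =", support(Y, ROOTS, P), "Supp(ZA) =", support(Z, ROOTS, P))
```

The recovered factor $x^2 + 2x + 5 = (x - 2)(x - 9)$ is exactly the part of $f$ on which $z$ does not vanish, and $\mathrm{Supp}(yA) = \{2, 9\}$, $\mathrm{Supp}(zA) = \{1, 3\}$ is the partition of $V$ promised by Lemma 3.1. Passing $y$ twice raises an error, because $y^2 \ne 0$ in $A$.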

Tensor powers of A: For $1 \le m \le n$, we denote by $A^{\otimes m}$ the $m$-th tensor power of $A$ (as $k$-modules). We may regard $A^{\otimes m}$ as the algebra of all functions from $V^m$ to $k$. In this interpretation, the rank one tensor element $h_1 \otimes \cdots \otimes h_m$ corresponds to the function that maps $(v_1, \ldots, v_m) \mapsto h_1(v_1) \cdots h_m(v_m)$.

Essential part of tensor powers: We define the essential part $A^{(m)}$ of $A^{\otimes m}$ to be the (unique) ideal of $A^{\otimes m}$ consisting of the functions which vanish on all the $m$-tuples $(v_1, \ldots, v_m) \in V^m$ with $v_i = v_j$ for some $i \ne j$. One may interpret $A^{(m)}$ as the algebra of all functions $V^{(m)} \to k$.

Ideals of A^{(m)} and roots of f(x): As in the case $m = 1$, we define the support of an ideal $I$ of $A^{(m)}$ as
$$\mathrm{Supp}(I) := V^{(m)} \setminus \{v \in V^{(m)} \mid a(v) = 0 \text{ for every } a \in I\}.$$
Using this convention, Lemma 3.1 can be generalized as follows:

Lemma 3.2. For $s \le n$, if $I_{s,1}, \ldots, I_{s,t_s}$ are pairwise orthogonal ideals of $A^{(s)}$ such that $A^{(s)} = I_{s,1} + \cdots + I_{s,t_s}$, then
$$V^{(s)} = \mathrm{Supp}(I_{s,1}) \cup \cdots \cup \mathrm{Supp}(I_{s,t_s}).$$

Connection with GRH: As we already mentioned, the IKS-algorithm relies on the assumption of the generalized Riemann hypothesis (GRH) [Rie59, Cho65, BCRW08]. We formally state the hypothesis below. Recall that a Dirichlet character modulo $k \in \mathbb{N}_{\ge 1}$ is defined as a completely multiplicative arithmetic function $\chi : (\mathbb{Z}, +) \to (\mathbb{C}, \cdot)$ such that $\chi(n + k) = \chi(n)$ for all $n$, and $\chi(n) = 0$ whenever $\gcd(n, k) > 1$. Given a Dirichlet character $\chi$, we define the corresponding Dirichlet $L$-function by
$$L(\chi, s) := \sum_{n=1}^{\infty} \frac{\chi(n)}{n^s}$$
for all complex numbers $s$ with real part $> 1$. By analytic continuation, this function can be extended to a meromorphic function defined on all of $\mathbb{C}$. The generalized Riemann hypothesis asserts that, for every Dirichlet character $\chi$, the zeros of $L(\chi, s)$ in the critical strip $0 < \operatorname{Re} s < 1$ all lie on the critical line $\operatorname{Re} s = 1/2$.

Under the assumption of GRH, Rónyai [Rón92] showed that the knowledge of any explicit nontrivial automorphism $\sigma \in \mathrm{Aut}(A)$ of $A$ immediately gives us a nontrivial factor of $f(x)$. The latter result is used in the routine of the IKS-algorithm. In [Rón92], the ability of computing radicals ($r$-th roots for prime $r$) in finite fields is used. This can be done assuming GRH by a result of Huang [Hua84]. Thus, GRH 'acts' in fact through Huang's result. The motivating case of a prime field and $r = 2$ can be easily explained by Ankeny's theorem [Ank52] on the least quadratic nonresidue.

3.2. Description of the IKS-algorithm. We will now describe the routine of the IKS-algorithm. In the following, let $f(x) \in \mathbb{F}_q[x]$ be a polynomial of degree $n$ having $n$ distinct roots $V = \{\alpha_1, \ldots, \alpha_n\}$ in $\mathbb{F}_q$. For some field extension $k \supseteq \mathbb{F}_q$, let $A := k[x]/(f(x))$ be the associated quotient algebra. With regards to the algorithm, we assume $A$ is given by structure constants with respect to some basis $b_1, \ldots, b_n$. It was shown in [IKS09, Lemma 4] that we can efficiently compute the essential parts $A^{(s)}$ ($1 \le s \le n$).

Lemma 3.3. A basis for $A^{(m)} = (k[X]/(f(X)))^{(m)}$ over $k$ can be computed by a deterministic algorithm in time $\mathrm{poly}(\log |k|, n^m)$.

We now proceed to give an overview of the routine of the IKS-algorithm. Namely, we describe how an $m$-scheme can be obtained from the ideal decompositions of the essential parts $A^{(s)}$ ($1 \le s \le n$). For referential purposes, let us quickly recapitulate the algorithmic data:

Input: A polynomial $f(x) \in \mathbb{F}_q[x]$ of degree $n$ having $n$ distinct roots $V = \{\alpha_1, \ldots, \alpha_n\}$ in $\mathbb{F}_q$. Also $1 \le m \le n$ is given, and we can assume that we have the smallest field extension $k \supseteq \mathbb{F}_q$ having $s$-th nonresidues for all $1 \le s \le m$ (computing $k$ will take $\mathrm{poly}(\log q, m^m)$ time under GRH).

Output: A nontrivial factor of $f(x)$ or a homogeneous, antisymmetric $m$-scheme on $V = \{\alpha_1, \ldots, \alpha_n\}$. (In the latter case we get the $m$-scheme only implicitly via a system of ideals of $A^{(s)}$.)

Description of the algorithm: We define $A^{(1)} = A = k[x]/(f(x))$ and compute the essential parts $A^{(s)}$ ($1 \le s \le m$) of the tensor powers of $A$ (this takes $\mathrm{poly}(\log q, n^m)$ time by Lemma 3.3).

Automorphisms and ideal decompositions of $A^{(s)}$ ($1 \le s \le m$): Observe 
that for each $\tau \in \mathrm{Sym}_s$, the map defined by 

$\tau : A^{(s)} \to A^{(s)}, \quad b_{i_1} \otimes \cdots \otimes b_{i_s} \mapsto b_{i_{1\tau}} \otimes \cdots \otimes b_{i_{s\tau}}$ 

is an algebra automorphism of $A^{(s)}$. By [Rón92], this knowledge of explicit auto- 
morphisms of $A^{(s)}$ can be used to efficiently decompose $A^{(s)}$ under GRH: Namely,  
one can compute mutually orthogonal ideals $I_{s,1}, \ldots, I_{s,t_s}$ ($t_s \ge 2$) of $A^{(s)}$ such that 

$A^{(s)} = I_{s,1} + \cdots + I_{s,t_s}.$ 



By Lemma 3.2 the above decomposition of $A^{(s)}$ induces a partition $\mathcal{P}_s$ on $V^{(s)}$: 

$\mathcal{P}_s : V^{(s)} = \mathrm{Supp}(I_{s,1}) \cup \cdots \cup \mathrm{Supp}(I_{s,t_s}).$ 

Together with $\mathcal{P}_1 := \{V\}$ this yields an m-collection $\Pi = \{\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_m\}$ on V. 

We will now show how to refine the m-collection Π to an m-scheme using alge- 
braic operations on the ideals $I_{s,i}$ of $A^{(s)}$. To do that, we first need a tool to relate 
lower level ideals $I_{s-1,i}$ to higher level ideals $I_{s,i'}$. 

Algebra embeddings $A^{(s-1)} \to A^{(s)}$: For each $1 < s \le m$ we have s natural 
algebra embeddings $\iota^s_1, \ldots, \iota^s_s : A^{\otimes (s-1)} \to A^{\otimes s}$ which map $b_{i_1} \otimes \cdots \otimes b_{i_{s-1}}$ to 
$b_{i_1} \otimes \cdots \otimes b_{i_{j-1}} \otimes 1 \otimes b_{i_j} \otimes \cdots \otimes b_{i_{s-1}}$ respectively (for the s positions of 1). By 
restricting $\iota^s_j$ to $A^{(s-1)}$ and multiplying its image by the identity element of $A^{(s)}$, 
we obtain s algebra embeddings $A^{(s-1)} \to A^{(s)}$ denoted also by $\iota^s_1, \ldots, \iota^s_s$. In the 
following, we interpret $\iota^s_j(A^{(s-1)})$ as the set of functions $V^{(s)} \to k$ which do not 
depend on the j-th coordinate. 

The algorithm is now best described by explaining the five kinds of refinement 
procedures which implicitly refine Π. (Remember we cannot see V but only have 
access to it via the ideal (f).) 

R1 (Compatibility): If for any $1 < s \le m$, for any pair of ideals $I_{s-1,i}$ and $I_{s,i'}$ 
in the decomposition of $A^{(s-1)}$ and $A^{(s)}$ respectively, and for any $j \in \{1, \ldots, s\}$, 
the ideal $\iota^s_j(I_{s-1,i})\, I_{s,i'}$ is neither zero nor $I_{s,i'}$, then we can efficiently compute a 
subideal of $I_{s,i'}$ and thus, refine $I_{s,i'}$ and the m-collection Π. 

Note that R1 fails to refine Π only when Π is a compatible collection. 

R2 (Regularity): If for any $1 < s \le m$, for any pair of ideals $I_{s-1,i}$ and $I_{s,i'}$ 
in the decomposition of $A^{(s-1)}$ and $A^{(s)}$ respectively, and for any $j \in \{1, \ldots, s\}$, 
$\iota^s_j(I_{s-1,i})\, I_{s,i'}$ is not a free module over $\iota^s_j(I_{s-1,i})$, then by trying to find a free basis, 
we can efficiently compute a zero divisor in $I_{s-1,i}$ and thus, refine $I_{s-1,i}$ and the 
m-collection Π. 

Note that R2 fails to refine Π only when Π is a regular collection. 

R3 (Invariance): If for some $1 \le s \le m$ and some $\tau \in \mathrm{Sym}_s$ the decom- 
position of $A^{(s)}$ is not τ-invariant, then we can find two ideals $I_{s,i}$ and $I_{s,i'}$ such 
that $I_{s,i}^{\tau} \cap I_{s,i'}$ is neither zero nor $I_{s,i'}$; hence, we can efficiently refine $I_{s,i'}$ and the 
m-collection Π. 

Note that R3 fails to refine Π only when Π is an invariant collection. 

R4 (Homogeneity): If the algebra $A^{(1)} = A$ is in a known decomposed form, 
then we can trivially find a nontrivial factor of f(x) from that decomposition. 
Note that R4 fails to refine Π only when Π is a homogeneous collection. 

R5 (Antisymmetry): If for some $1 \le s \le m$, for some ideal $I_{s,i}$ and for some 
$\tau \in \mathrm{Sym}_s \setminus \{\mathrm{id}\}$, we have $I_{s,i}^{\tau} = I_{s,i}$, then τ is an algebra automorphism of $I_{s,i}$. 
By [Rón92], this means we can find a subideal of $I_{s,i}$ efficiently under GRH and 
hence, refine $I_{s,i}$ and the m-collection Π. 

Note that R5 fails to refine Π only when Π is an antisymmetric collection. 

Summary: The algorithm executes the ideal operations R1-R5 described above 
on $A^{(s)}$ ($1 \le s \le m$) until either we get a nontrivial factor of f(x) or the underly- 
ing m-collection Π becomes a homogeneous, antisymmetric m-scheme on V. It is 
routine to verify that the time complexity of the IKS-algorithm is poly(log q, $n^m$). 

3.3. From m-schemes to factoring. We saw in the last subsection how to either 
find a nontrivial factor of a given f(x) or construct an m-scheme on the n roots of 
f(x). In the following, we explain how to deal with the "bad case", when we get 
a homogeneous, antisymmetric m-scheme instead of a nontrivial factor. We will 
see how the properties of homogeneous and antisymmetric m-schemes can be used 
to obtain a nontrivial factorization of f(x) even in this case. The next theorem is 
of crucial importance (it is [IKS09, Theorem 7] extended to our general notion of 
matchings). 

Theorem 3.4 (Matchings refine). Let f(x) be a polynomial of degree n over $\mathbb{F}_q$ 
having n distinct roots $V = \{\alpha_1, \ldots, \alpha_n\}$ in $\mathbb{F}_q$. Assuming GRH, we either find a 
nontrivial factor of f(x) or we construct a homogeneous, antisymmetric m-scheme 
on V having no matchings, deterministically in time poly(log q, $n^m$). 

Proof. We apply the algorithm from Section 3.2; suppose it yields a homogeneous, 
antisymmetric m-scheme $\Pi = \{\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_m\}$ on V. For the sake of contradic- 
tion, assume that some color $P \in \mathcal{P}_s$ is a matching. Let $1 \le i_1 < \ldots < i_k \le s$ and 
$1 \le j_1 < \cdots < j_k \le s$ with $(i_1, \ldots, i_k) \ne (j_1, \ldots, j_k)$ be such that $\pi^s_{i_1,\ldots,i_k}(P) = 
\pi^s_{j_1,\ldots,j_k}(P)$ and $|\pi^s_{i_1,\ldots,i_k}(P)| = |P|$. Then $\pi^s_{i_1,\ldots,i_k}(\pi^s_{j_1,\ldots,j_k})^{-1}$ is a nontrivial per- 
mutation of $\pi^s_{i_1,\ldots,i_k}(P)$. For the corresponding orthogonal ideal decompositions of 
$A^{(1)}, \ldots, A^{(m)}$, this means that the embeddings 

both give isomorphisms $I_{s-k,l'} \to I_{s,l}$ where the ideals $I_{s-k,l'}$ and $I_{s,l}$ correspond 
to $\pi^s_{i_1,\ldots,i_k}(P)$ and P, respectively. Hence, the map $(\iota_{i_1,\ldots,i_k})^{-1}\iota_{j_1,\ldots,j_k}$ is a nontrivial 
automorphism of $I_{s-k,l'}$. By [Rón92], this means we can find a subideal of $I_{s-k,l'}$ 
efficiently under GRH and thus, refine the m-scheme Π. □ 



Combining the above result with Corollary 2.6 we conclude that one can com- 
pletely factor f(x) in time poly(log q, $n^{\log n}$) under GRH. This reproves Evdokimov's 
result [Evd94], which is based on a framework less general than that of m-schemes 
described above. Note that any progress towards the schemes conjecture (Section 
2.4) will directly result in an improvement of the time complexity of the IKS- 
algorithm. A proof of the schemes conjecture, for parameter c, would imply that 
the total time taken for the factorization of f(x) would improve to poly(log q, $n^c$). 

In the special case that f(x) is a polynomial of prime degree n, where (n − 1) 
satisfies certain divisibility conditions, we study the structure of association schemes 
of prime order to show that for a 'small' m the 'bad' case in Theorem 3.4 never 
happens. This is discussed in the following section. 



4. Factoring prime degree polynomials 

In this section we show that the IKS-algorithm has polynomial running time for 
the factorization of polynomials $f(x) \in \mathbb{F}_q[x]$ of prime degree n, where (n − 1) has 
a large constant-smooth factor. By this we mean a number $s \in \mathbb{N}$ of magnitude 
$\sqrt{n/\ell}$ such that $s \mid (n-1)$ and all prime factors of s are smaller than r. The 
exact relationship between ℓ, r and the time will appear later. Previously, the IKS- 
algorithm was only known to have polynomial running time for the factorization of 
polynomials of prime degree n, where (n − 1) is constant-smooth [IKS09]. Our new 
results imply that under a well-known number theory conjecture involving Linnik's 
constant, there are infinitely many primes n such that any polynomial $f(x) \in \mathbb{F}_q[x]$ 
of degree n can be factored by the IKS-algorithm in time poly(log q, n). As a main 
tool, we employ structural results about association schemes of prime order, most 
notably [HU06, MP12]. 

4.1. Schemes with bounded valencies and indistinguishing numbers. We 
now prove Theorem 1.3 which concerns the existence of small intersection numbers 
in association schemes (with bounded valencies and indistinguishing numbers) as- 
suming a large number of relations. Note that Theorem 1.3 is the principal scheme 
theory result underlying our main theorem about the factorization of prime degree 
polynomials (Theorem 1.1). It is a counting (in two ways) argument on the graph 
of the scheme. It is elementary assuming the fundamental theorems about schemes, 
but it yields a new interesting property for this class of schemes. 



Proof of Theorem 1.3. Fix a relation $1 \ne u \in G$ and a tuple $(\alpha, \beta) \in u$. For all 
$v \in G \setminus \{1, u\}$, define 

$S_v := \{(\alpha', \gamma) \in X^2 \mid (\alpha', \beta) \in u;\ (\alpha, \gamma) \ne (\alpha', \gamma) \in v\}.$ 

The set $S_v$ consists of those tuples $(\alpha', \gamma) \in X^2$ which together with $(\alpha, \beta)$ form a 
non-degenerate quadrilateral of the type seen below. 

We determine the cardinality of $S_v$. Note that for any relation $b \in G$, there are 
exactly $c^b_{uu^*}$ choices for $\alpha' \in X$ such that $(\alpha, \alpha') \in b$ and $(\alpha', \beta) \in u$. Moreover, after 
choosing $\alpha'$, there are exactly $c^b_{vv^*}$ choices for $\gamma \in X$ such that $(\alpha, \gamma), (\alpha', \gamma) \in v$. 
Thus, 

$|S_v| = \sum_{b \in G} c^b_{uu^*}\, c^b_{vv^*}.$ 

Especially, 

$\sum_{v \in G \setminus \{1,u\}} |S_v| = \sum_{b \in G} c^b_{uu^*} \sum_{v \in G \setminus \{1,u\}} c^b_{vv^*} \le \delta_2' \cdot c \cdot \sum_{b \in G} c^b_{uu^*} \le \delta_1' \cdot \delta_2' \cdot c \cdot k,$ 

where the last inequality follows from Lemma 2.2 (3). 

For the sake of contradiction, assume that for all $v \in G \setminus \{1,u\}$ we have either 
$c^w_{u^*v} = 0$ or $c^w_{u^*v} \ge \ell$ for all except at most one relation $w \in G$. We derive a lower 
bound on $|S_v|$ in order to obtain the contradiction. For $v \in G \setminus \{1,u\}$ define 

$W_v := \{w \in G \mid c^w_{u^*v} \ne 0\}.$ 

Note that for each relation $w \in W_v$ there are exactly $c^u_{vw^*}$ choices for γ such that 
$(\beta, \gamma) \in w$ and $(\alpha, \gamma) \in v$. Moreover, after choosing γ, there are exactly $c^w_{u^*v} - 1$ 
choices for $\alpha'$ such that $(\alpha', \beta) \in u$ and $(\alpha', \gamma) \in v$. Thus, 

$|S_v| = \sum_{w \in W_v} c^u_{vw^*}\, (c^w_{u^*v} - 1).$ 

Now observe that $c^u_{vw^*} \ge \frac{\delta_1}{\delta_1'}\, c^w_{u^*v}$ for all $w \in W_v$ by Lemma 2.2 (2). Since we assume that 
$c^w_{u^*v} \ge \ell$ for all except at most one relation $w \in W_v$ we conclude 

$|S_v| \ge \frac{\delta_1}{\delta_1'} \sum_{w \in W_v} c^w_{u^*v}\, (c^w_{u^*v} - 1) \ge \frac{\delta_1}{\delta_1'} \Big( (\ell - 1) \sum_{w \in W_v} c^w_{u^*v} - \frac{\ell^2}{4} \Big).$ 

The last inequality is based on the summand-wise inequality $(\ell - 1)\, c^w_{u^*v} - c^w_{u^*v}(c^w_{u^*v} - 
1) \le \ell^2/4$; for every $w$ with $c^w_{u^*v} \ge \ell$ the left-hand side is at most 0, so only the one 
exceptional relation can contribute, and it contributes at most $\ell^2/4$. From the equation $\sum_{w \in W_v} c^w_{u^*v}\, n_w = n_{u^*}\, n_v$ (see Lemma 
2.2 (4)) it follows that $\sum_{w \in W_v} c^w_{u^*v} \ge (\delta_1^2/\delta_1') \cdot k$. Moreover, using the assumption 
$1 < \ell \le (\delta_1^2/\delta_1') \cdot k$, we deduce 

$|S_v| \ge \frac{\delta_1}{\delta_1'} \Big( (\ell - 1)\, \frac{\delta_1^2}{\delta_1'}\, k - \frac{\ell^2}{4} \Big) \ge \frac{\delta_1^3}{2(\delta_1')^2}\, (\ell - 1)\, k.$ 

Especially, we have 

$\sum_{v \in G \setminus \{1,u\}} |S_v| \ge (|G| - 2)\, \frac{\delta_1^3}{2(\delta_1')^2}\, (\ell - 1)\, k.$ 

This yields $\delta_1' \delta_2' c k \ge (|G| - 2)\, \frac{\delta_1^3}{2(\delta_1')^2}\, (\ell - 1)\, k$ and hence $2(\delta_1'/\delta_1)^3\, \delta_2' \cdot \frac{c}{\ell - 1} + 2 \ge |G|$, 
a contradiction. □ 



Let us now consider the special case where (X, G) is an association scheme of 
prime order n := |X|. Hanaki-Uno's theorem [HU06] tells us that in this case, 
there exists $k \in \mathbb{N}$ such that $k = n_g$ for all $1 \ne g \in G$ (i.e. all nontrivial valencies 
coincide). We will refer to k simply as the valency of (X, G). It was shown in [MP12, 
Theorem 3.2] that for prime order association schemes (X, G) of valency k, every 
nontrivial relation $g \in G$ has indistinguishing number $c(g) = (k - 1)$. Combining 
the above considerations with Theorem 1.3 we immediately obtain Corollary 1.4 
about prime order association schemes. 

4.2. Factoring algorithm for prime degree polynomials. Drawing on the 
scheme theory results from the last subsection, we obtain the following lemma 
about the existence of matchings in homogeneous antisymmetric m-schemes on a 
prime number of points. 

Lemma 4.1. Let $\Pi = \{\mathcal{P}_1, \ldots, \mathcal{P}_m\}$ be a homogeneous, antisymmetric m-scheme 
on V, where n := |V| is a prime number. Let k denote the valency of the association 
scheme $(\mathcal{P}_1, \mathcal{P}_2 \cup \{1\})$. Assume that $m \ge 2 \log_2 \ell + 3$ and $|\mathcal{P}_2| > \frac{2k}{\ell - 1} + 1$ for some 
$\ell \in \mathbb{N}_{>1}$. Then there exists a matching in Π. 



Proof. By Corollary 1.4 there exist nontrivial relations $u \ne v$, $w \ne w' \in \mathcal{P}_2$ such 
that $0 < c^w_{u^*v} \le c^{w'}_{u^*v} < \ell$. Hence there exist $\alpha, \beta, \gamma, \gamma' \in V$ such that $(\alpha, \beta) \in u$, 
$(\alpha, \gamma), (\alpha, \gamma') \in v$, $(\beta, \gamma) \in w$ and $(\beta, \gamma') \in w'$. Clearly, the relation $P \in \mathcal{P}_4$ 
containing the tuple $(\beta, \alpha, \gamma, \gamma')$ satisfies $\pi^4_{2,3}(P) = \pi^4_{2,4}(P) = v$. Also, $|P|/|v| = 
|P|/|u| \le c^w_{u^*v} \cdot c^{w'}_{u^*v} < \ell^2$, thus P has subdegree at most $\ell^2$ over v. Now if $s(P, v) = 1$ 
then P is a matching. On the other hand, if $s(P, v) > 1$ then we define $Q := \pi^4(P) \in 
\mathcal{P}_3$ and consider the equation $s(P, v) = s(P, Q) \cdot s(Q, v)$. It implies that at least one 
of the subdegrees $s(P, Q), s(Q, v)$ is both at least 2 and at most $\ell^2$, thus we get a 
matching in Π by suitably invoking Theorem 2.5. □ 



Using the above lemma about the existence of matchings in m-schemes on a 
prime number of points, we can now prove our main result, Theorem 1.1. 

Proof of Theorem 1.1. Let $\ell' := (2\ell + 1)$. It suffices to consider the case that f(x) has 
n distinct roots $V = \{\alpha_1, \ldots, \alpha_n\}$ in $\mathbb{F}_q$. Let $m := \max\{r + 1,\ 2 \log_2 \ell' + 3\}$. We apply 
the IKS-algorithm (Section 3) and by Theorem 3.4 either find a nontrivial factor of 
f(x) or construct a homogeneous, antisymmetric m-scheme $\Pi = \{\mathcal{P}_1, \mathcal{P}_2, \ldots, \mathcal{P}_m\}$ 
on V having no matchings, deterministically in time poly(log q, $n^m$). Suppose for 
the sake of contradiction that the latter case occurs. 

Clearly, $(\mathcal{P}_1, \mathcal{P}_2 \cup \{1\})$ is an association scheme of prime order n, where 1 denotes 
the trivial relation. Thus, by Hanaki-Uno's theorem [HU06] there exists $k \mid (n - 1)$ 
such that $|P| = kn$ for all $P \in \mathcal{P}_2$. Thus, $|\mathcal{P}_2| = (n - 1)/k$. We distinguish between 
the following two cases. 

Case I: gcd(s, k) = 1. Then $|\mathcal{P}_2| = (n - 1)/k \ge s > \sqrt{2n/(\ell' - 1)} + 1$. Thus, 
$k < \sqrt{n(\ell' - 1)/2} = \sqrt{2n/(\ell' - 1)} \cdot (\ell' - 1)/2 < (s - 1)(\ell' - 1)/2$, implying $|\mathcal{P}_2| \ge 
s > 1 + \frac{2k}{\ell' - 1}$. Especially, Π contains a matching by Lemma 4.1 contrary to our 
assumption. 

Case II: gcd(s, k) > 1. The colors in $\{\mathcal{P}_2, \ldots, \mathcal{P}_{r+1}\}$ can be used to define 
a homogeneous, antisymmetric r-scheme on k points as follows: Pick $P_0 \in \mathcal{P}_2$ 
and define $V' := \{\alpha \in V \mid (\alpha_1, \alpha) \in P_0\}$. Furthermore, define an r-collection 
$\Pi' = \{\mathcal{P}'_1, \ldots, \mathcal{P}'_r\}$ on $V'$ such that for all $1 \le i \le r$ and for each color $P \in \mathcal{P}_{i+1}$, 
we put a color $P' \in \mathcal{P}'_i$ such that 

$P' := \{v \in V'^{(i)} \mid (\alpha_1, v) \in P\}.$ 

Then $|V'| = k$, and $\Pi' = \{\mathcal{P}'_1, \ldots, \mathcal{P}'_r\}$ is a homogeneous, antisymmetric r-scheme 
on k points. On the other hand, by gcd(s, k) > 1 we know that k has a prime 
divisor which is at most r; therefore, $\Pi'$ cannot exist by Lemma 2.1. □ 



We point out in the next section that, under a well-known number theory con- 
jecture involving Linnik's constant, there are infinitely many primes n for which 
the time complexity in Theorem 1.1 is polynomial. 

5. Number theory considerations 



5.1. Primes n of Theorem 1.1. Linnik's theorem in number theory answers a 
natural question about primes in arithmetic progressions. For coprime integers a, s 
such that $1 \le a \le s - 1$, let p(a, s) denote the smallest prime in the arithmetic 
progression $\{a + is\}_i$. Linnik's theorem states that there exist (effective) constants 
c, L > 0 such that 

$p(a, s) \le c\, s^L.$ 

There has been much effort directed towards determining the smallest admissible 
value for the Linnik constant L. The smallest admissible value currently known is 
L = 5, as proven by Xylouris [Xyl11]. It has been conjectured numerous times that 
$L \le 2$ [SSKH, Kan63, Kan64, HB92] as noted below. 

Conjecture 5.1. There exists c > 0 such that for all coprime integers a, s with 
$1 \le a \le s - 1$, the smallest prime p(a, s) in the arithmetic progression $\{a + is \mid i \in \mathbb{N}\}$ 
satisfies $p(a, s) \le c\, s^2$. 

This conjecture is not known to be true under GRH. The result that comes 
closest to it is [BS96, Theorem 5.3]: $p(a, s) \le 2(s \log s)^2$. 

Let us consider how the primes of the type we described in Theorem 1.1 relate 
to p(1, s). This is the subject of Corollary 1.2, which we prove below. 



Proof of Corollary 1.2. For the first part, we just assume GRH. Let $r \in \mathbb{N}_{>1}$ be a 
constant and $s \in \mathbb{N}$ a (large enough) r-smooth number. By [BS96, Theorem 5.3] 
there is a prime $n = p(1, s) \le 2(s \log s)^2$. Thus, $s \ge \sqrt{n/2}/\log s > (\sqrt{n/2}/\log n) + 
1 = \sqrt{n/(2 \log^2 n)} + 1$. Thus, we can generate infinitely many primes n such that 
Theorem 1.1 applies for $\ell := \ell(n) = 2 \log^2 n$, and proves a time complexity of 
poly(log q, $n^{\log \log n}$). 

For the second part, we additionally assume Conjecture 5.1. Let $r \in \mathbb{N}_{>1}$ be a 
constant and $s \in \mathbb{N}$ a (large enough) r-smooth number. By the conjecture there 
is a prime $n = p(1, s) \le c\, s^2$. Thus, $s \ge \sqrt{n/c} > \sqrt{n/(c + 1)} + 1$. Thus, we can 
generate infinitely many primes n such that Theorem 1.1 applies for $\ell := (c + 1)$, 
and proves a time complexity of poly(log q, n). □ 
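As an added worked example (not code from the paper), the following Python computes p(1, s) for r-smooth moduli s, i.e. primes n = p(1, s) with an r-smooth divisor s of n − 1, which is the divisibility hypothesis of Theorem 1.1 discussed in Section 5.1; it also reports the ratio p(1, s)/s² that Conjecture 5.1 bounds by a constant, and checks the size condition s > √(2n/(ℓ′−1)) + 1 from Case I of the proof of Theorem 1.1. The reading of "r-smooth" as "every prime factor at most r", the trial-division primality test and the small ranges are this example's own assumptions.

```python
"""Added example (not from the paper): primes n = p(1, s) for r-smooth s, i.e. prime
degrees n with an r-smooth divisor s of n - 1, and the Linnik ratio p(1, s)/s^2
that Conjecture 5.1 asserts is bounded by a constant c."""
from math import gcd, isqrt, sqrt


def is_prime(n):
    """Trial division; adequate for the small moduli explored here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, isqrt(n) + 1))


def p(a, s):
    """p(a, s): the smallest prime in the arithmetic progression {a + i*s : i >= 0}."""
    assert 1 <= a <= s - 1 and gcd(a, s) == 1, "need gcd(a, s) = 1 and 1 <= a <= s-1"
    n = a
    while not is_prime(n):
        n += s
    return n


def r_smooth(s, r):
    """True iff every prime factor of s is at most r (assumed reading of 'r-smooth')."""
    m = s
    for q in range(2, r + 1):       # dividing by composites is harmless: their primes are gone
        while m % q == 0:
            m //= q
    return m == 1


def candidate_degrees(r, s_max):
    """(s, n) with 2 <= s <= s_max r-smooth and n = p(1, s): n is prime and s | (n - 1),
    so a degree-n polynomial meets the divisibility hypothesis of Theorem 1.1."""
    return [(s, p(1, s)) for s in range(2, s_max + 1) if r_smooth(s, r)]


def linnik_ratio(s):
    """p(1, s) / s^2; Conjecture 5.1 (Linnik constant L <= 2) says this stays below some c."""
    return p(1, s) / s ** 2


def size_condition(n, s, ell):
    """Lower bound on s used in Case I of the proof of Theorem 1.1:
    s > sqrt(2n/(ell' - 1)) + 1 with ell' = 2*ell + 1, i.e. s > sqrt(n/ell) + 1."""
    ell_prime = 2 * ell + 1
    return s > sqrt(2 * n / (ell_prime - 1)) + 1


if __name__ == "__main__":
    for s, n in candidate_degrees(3, 100):
        print(f"s={s:3d}  p(1,s)={n:5d}  p(1,s)/s^2={linnik_ratio(s):.3f}  "
              f"size condition (ell=2): {size_condition(n, s, 2)}")
```

Running the block lists, for 3-smooth s up to 100, the prime degree n = p(1, s) that Theorem 1.1 targets together with how far p(1, s) sits below s² in this range; the size condition is what Case I of the proof needs in addition to s | (n − 1).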



5.2. Optimality of Theorem 1.3. Naturally, one asks if it is possible to further 
relax the conditions which Theorem 1.1 places on the prime number n (i.e. the 
degree of the polynomial we want to factor). In our current framework, this trans- 
lates to asking to which extent we can relax the conditions for the existence of small 
intersection numbers in schemes of bounded valency and indistinguishing number 
(Theorem 1.3). However, the example of the cyclotomic scheme below shows that 
the conditions of Theorem 1.3 cannot be relaxed (up to constant factors). 
Recall the definition of a cyclotomic scheme [Del73, GC92]. Let p be a prime 
and let $e \mid (p - 1)$. Let a be a generator of the multiplicative group $\mathbb{F}_p^*$ of the field 
$\mathbb{F}_p$. We denote by $\langle a^e \rangle$ the subgroup generated by $a^e$. Let $\mathcal{P} := \{P_i \mid 0 \le i \le e\}$ be 
the partition on $\mathbb{F}_p \times \mathbb{F}_p$ such that $P_0 := \{(x, x) \mid x \in \mathbb{F}_p\}$ and 

$P_i := \{(x, y) \in \mathbb{F}_p \times \mathbb{F}_p \mid x - y \in a^i \langle a^e \rangle\}$ 

for $i = 1, \ldots, e$. Then it can be checked that $(X, G) = (\mathbb{F}_p, \mathcal{P})$ is an association 
scheme. Moreover, the definition of $(\mathbb{F}_p, \mathcal{P})$ does not depend on the choice of the 
generator a. We call $(\mathbb{F}_p, \mathcal{P})$ the cyclotomic scheme in (p, e). 

In the following, let $(\mathbb{F}_p, \mathcal{P})$ be the cyclotomic scheme in (p, e) as above and let 
$k := (p - 1)/e$. For nontrivial relations $P_r, P_s, P_t \in \mathcal{P}$ and $(x, y) \in P_t$, we have 

$c^t_{rs} = \#\{z \in \mathbb{F}_p \mid (x - z) \in a^r \langle a^e \rangle,\ (z - y) \in a^s \langle a^e \rangle\}$ 

$= \#\{(y_1, y_2) \in \mathbb{F}_p^* \times \mathbb{F}_p^* \mid a^r y_1^e + a^s y_2^e = (x - y)\} / e^2.$ 

We divide by $e^2$ because that is exactly the number of repetitions of a value $(y_1^e, y_2^e)$ 
as we vary $y_1, y_2 \in \mathbb{F}_p^*$. 

By the Hasse-Weil bound [Wei71, Voi05], we have 

$\big| \#\{(y_1, y_2) \in \mathbb{F}_p \times \mathbb{F}_p \mid a^r y_1^e + a^s y_2^e = (x - y)\} - (p + 1) \big| \le e^2 \sqrt{p} + O(1),$ 

from which it follows that 

$\big| c^t_{rs} - (p + 1)/e^2 \big| \le \sqrt{p} + O(1).$ 

To make the 'error' term small, fix $e = k^{1/3}/c \approx p^{1/4}$ for a (large enough) constant 
$c \in \mathbb{N}$. Now $(p + 1)/e^2 \ge 2\sqrt{p} + O(1)$ and we can estimate that $c^t_{rs} \ge \frac{p + 1}{2e^2} \ge (c/2) \cdot k^{2/3} \approx 
p^{1/2}$. Also, $|G| \ge e \ge k/(c\, k^{2/3})$. Thus, we have an association scheme where both 
the number of relations and the intersection numbers are large, i.e. in the range $k^{1/3}$ 
and $k^{2/3}$, respectively. This matches the parameters of Corollary 1.4 exactly. 

This proves that our scheme theory result, especially Corollary 1.4, is optimal. 
But when |G| is larger than $k^{1/3}$ the Hasse-Weil bound has too large an error. We 
do not know whether now 'small' nonzero intersection numbers start showing up. 
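As an added worked example (not code from the paper), the following Python builds the cyclotomic scheme in (p, e) of this subsection over small primes, computes its intersection numbers $c^t_{rs}$ by the direct count in the first display above (checking on the way that the count does not depend on the chosen pair $(x, y) \in P_t$), compares them with the Hasse-Weil mean $(p+1)/e^2$, and checks the two ways of counting $|S_v|$ from the proof of Theorem 1.3 (Section 4.1) against direct enumeration on the same scheme. The integer relation indices, the discrete-log membership test, and the parameters p = 7, e = 2 and p = 13, e = 4 are this example's own conventions; the sum over b runs over nontrivial relations only, because $S_v$ requires $\alpha' \ne \alpha$.

```python
"""Added example (not from the paper): the cyclotomic scheme in (p, e) built explicitly,
its intersection numbers c^t_{rs} by direct counting, and the two counts of |S_v| used
in the proof of Theorem 1.3 compared with direct enumeration on it."""
from functools import lru_cache
from itertools import product


def primitive_root(p):
    """Smallest generator a of F_p^* (p prime): a^((p-1)/q) != 1 for every prime q | p-1."""
    m, q, primes = p - 1, 2, set()
    while q * q <= m:
        while m % q == 0:
            primes.add(q)
            m //= q
        q += 1
    if m > 1:
        primes.add(m)
    return next(a for a in range(2, p) if all(pow(a, (p - 1) // q, p) != 1 for q in primes))


class CyclotomicScheme:
    """(F_p, {P_0, ..., P_e}) with P_i = {(x, y) : x - y in a^i <a^e>}, P_0 the diagonal."""

    def __init__(self, p, e):
        assert p > 2 and (p - 1) % e == 0
        self.p, self.e = p, e
        a, x, self.dlog = primitive_root(p), 1, {}
        for i in range(p - 1):          # dlog[a^i mod p] = i
            self.dlog[x] = i
            x = x * a % p
        self.relations = range(e + 1)   # 0 = P_0 (the trivial relation 1), 1..e nontrivial
        self.points = range(p)

    def rel(self, x, y):
        """Index i with (x, y) in P_i: dlog(x - y) = i (mod e), the class 0 (mod e) being P_e."""
        if x == y:
            return 0
        return (self.dlog[(x - y) % self.p] - 1) % self.e + 1

    def pairs(self, t):
        return [(x, y) for x, y in product(self.points, repeat=2) if self.rel(x, y) == t]

    def converse(self, r):
        """r* with P_{r*} = {(y, x) : (x, y) in P_r}."""
        x, y = self.pairs(r)[0]
        return self.rel(y, x)

    @lru_cache(maxsize=None)
    def c(self, r, s, t):
        """Intersection number c^t_{rs} = #{z : (x,z) in P_r, (z,y) in P_s} for (x,y) in P_t;
        the set comprehension verifies the count is the same for every pair in P_t."""
        values = {sum(1 for z in self.points if self.rel(x, z) == r and self.rel(z, y) == s)
                  for x, y in self.pairs(t)}
        assert len(values) == 1, "count depends on the pair: not an association scheme"
        return values.pop()

    def valency(self):
        """n_g for nontrivial g; all nontrivial valencies coincide here (prime order)."""
        return len(self.pairs(1)) // self.p

    def max_deviation(self):
        """max |c^t_{rs} - (p+1)/e^2| over nontrivial r, s, t; Hasse-Weil gives <= sqrt(p) + O(1)."""
        mean = (self.p + 1) / self.e ** 2
        return max(abs(self.c(r, s, t) - mean)
                   for r, s, t in product(range(1, self.e + 1), repeat=3))

    def quadrilateral_counts(self, u, v):
        """|S_v| from the proof of Theorem 1.3 for a fixed (alpha, beta) in P_u, u != v nontrivial:
        pairs (alpha', gamma) with (alpha', beta) in P_u, (alpha, gamma), (alpha', gamma) in P_v
        and alpha' != alpha. Returned three ways: direct enumeration, the sum over
        b = rel(alpha, alpha'), and the sum over w = rel(beta, gamma) of the lower bound."""
        alpha, beta = self.pairs(u)[0]
        direct = sum(1 for ap, g in product(self.points, repeat=2)
                     if ap != alpha and self.rel(ap, beta) == u
                     and self.rel(alpha, g) == v and self.rel(ap, g) == v)
        us, vs = self.converse(u), self.converse(v)
        # c^b_{uu*} choices of alpha' per nontrivial b (equals c^u_{bu}, since n_b = n_u here),
        # then c^b_{vv*} choices of gamma for that alpha'
        by_b = sum(self.c(u, us, b) * self.c(v, vs, b) for b in self.relations if b != 0)
        # c^u_{v w*} choices of gamma per w in W_v, then c^w_{u*v} - 1 choices of alpha' != alpha
        by_w = sum(self.c(v, self.converse(w), u) * (self.c(us, v, w) - 1)
                   for w in self.relations if self.c(us, v, w) != 0)
        return direct, by_b, by_w


if __name__ == "__main__":
    S = CyclotomicScheme(13, 4)     # p = 13, e = 4, valency k = 3
    print("valency", S.valency(), "max |c - (p+1)/e^2|", S.max_deviation())
    print("|S_v| three ways:", S.quadrilateral_counts(4, 1))
```

For p = 7, e = 2 the scheme is the Paley tournament on 7 points, where $c^2_{22} = 1$ and $c^2_{11} = 2$ can be checked by hand; the three returned counts agree on every scheme the block is run on, which is exactly the double counting that the proof of Theorem 1.3 turns into the bound on |G|.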

6. Conclusion 

We studied polynomial factoring over finite fields, under GRH, mainly through 
algebraic-combinatorial techniques. These are very effective when the polynomial 
has a prime degree. We are able to give an infinite family of prime degrees for 
which our analysis is much better than the known techniques. 

The main open question here is to extend this study to factor all prime degree 
polynomials. The key here is to study the underlying m-scheme that the factoring 
algorithm gets 'stuck' with. Its 3-subscheme is a nice association scheme (it is equiv- 
alenced). Since its intersection numbers, and other deeper representation theory 
invariants, manifest in the higher levels of the m-scheme, the schemes conjecture 
(Section 2.4) might be approachable. 

Another question is to slightly improve Corollary 1.4. We do show that it cannot 
be improved in generality, but that does not rule out the following improvement: 
There exist at least two constant-small intersection numbers when $|G| \sim k/\log k$. 
This would be enough to give an infinite family of primes n so that Theorem 1.1 
has a polynomial time complexity (only assuming GRH). 

Finally, we leave the question of extending Theorem 1.3 so that it becomes 
applicable to composite order association schemes, open. Improvements there would 
likely translate to factoring polynomials of new composite degrees. 